Description
ClearDefenderHistory is a script that allows you to clear the protection history of Windows Defender (now called Windows Security) on Windows 10 and 11 systems. The script addresses the need to manually remove detection records and actions from the antivirus, something the default Windows Defender interface does not natively offer.
How It Works
The script creates a temporary scheduled task that is executed with SYSTEM privileges on the next reboot of the computer. This task clears the log files of Windows Defender located in folders such as C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service. After execution, the task self-deletes, ensuring that the system returns to its normal state without further intervention.
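To confirm the behaviour described above on a test machine, or to spot it across managed hosts, the following added example (not part of ClearDefenderHistory) checks a Task Scheduler XML definition for the three traits this section names: a SYSTEM principal, a boot trigger, and an action that references the Defender history path. The sample task definitions and command names are constructed placeholders and do not reproduce the script's actual task.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SYSTEM_IDS = {"s-1-5-18", "system", "nt authority\\system"}
HISTORY_PATH = r"windows defender\scans\history"  # lower-cased path fragment from the page

def review_task(xml_text):
    """Return which of the three traits a Task Scheduler XML definition shows."""
    root = ET.fromstring(xml_text)
    reasons = []
    users = [u.text.strip().lower()
             for u in root.findall(".//t:Principal/t:UserId", NS) if u.text]
    if any(u in SYSTEM_IDS for u in users):
        reasons.append("runs-as-system")
    if root.find(".//t:Triggers/t:BootTrigger", NS) is not None:
        reasons.append("boot-trigger")
    for exe in root.findall(".//t:Actions/t:Exec", NS):
        # Command and Arguments are checked together: the path may be in either.
        line = " ".join(exe.findtext(f"t:{tag}", "", NS) for tag in ("Command", "Arguments"))
        if HISTORY_PATH in line.lower():
            reasons.append("touches-defender-history")
            break
    return reasons

def is_history_clear_task(xml_text):
    """True only when all three traits are present in one task."""
    return len(review_task(xml_text)) == 3

# Constructed samples (hypothetical command names; not the script's real task).
SAMPLE_MATCH = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="Author"><Exec>
    <Command>C:\Example\cleanup-placeholder.cmd</Command>
    <Arguments>"C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service"</Arguments>
  </Exec></Actions>
</Task>"""

SAMPLE_BENIGN = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="Author"><Exec>
    <Command>C:\Example\updater-placeholder.exe</Command>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for name, xml_text in (("match", SAMPLE_MATCH), ("benign", SAMPLE_BENIGN)):
        print(name, review_task(xml_text), is_history_clear_task(xml_text))
```

Because the task deletes itself after running, the definition is easiest to capture from `schtasks /query /xml` before the reboot or from the task content recorded in Security event 4698 when scheduled-task auditing is enabled.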
Context and Need
- Security Change: Before spring 2024, it was possible to clear the history without rebooting the system. However, a Windows Defender security update rendered the previous method ineffective, now requiring a restart for the logs to be released and deleted.
- Reasons for Use:
  - Simple Cleanup: Users may want to remove old detections to organize the history.
  - Correction of False Positives: In some cases, Defender continues to show false positive alerts even after definition updates, and clearing the history may resolve this.
How to Use
- Download the ZIP file through the button above.
- Extract ClearDefenderHistory.cmd.
- Right-click the file, go to "Properties," check "Unblock" (if applicable), and click "OK".
- Run the script by double-clicking it (you may need to approve the User Account Control (UAC) prompt).
- Restart the computer when prompted to complete the cleanup.
Features
- Security: Uses SYSTEM permissions via scheduled task, avoiding risky methods such as manually changing the ownership of Defender folders, which could create vulnerabilities.
- Portability: Does not require installation, being executable directly.
- Effectiveness: Reliably removes logs, including files like mpenginedb.db and the contents of the history folder.